Palo-Alto-Networks

vulnerability 2026-05-06
Palo Alto PAN-OS CVE-2026-0300: Unauthenticated Root RCE on Captive Portal Exploited in the Wild, No Patch Until May 13
An unauthenticated buffer overflow in the PAN-OS User-ID Authentication Portal hands attackers root on PA-Series and VM-Series firewalls. Limited exploitation is already underway; first patches arrive May 13.
pan-os palo-alto-networks cve-2026-0300 zero-day firewall buffer-overflow captive-portal user-id

Palo Alto PAN-OS CVE-2026-0300: Unauthenticated Root RCE on Captive Portal Exploited in the Wild, No Patch Until May 13